diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2008-09-26 12:42:45 -0400 |
|---|---|---|
| committer | Steve Dickson <steved@redhat.com> | 2008-09-26 12:42:45 -0400 |
| commit | 18c6c616e07ec4fcd27108d87b6f02280d9687d6 (patch) | |
| tree | becebe3ddb8a3426837139f4a87b9397929f092b /support/nfs/svc_socket.c | |
| parent | 4ac04d76dc0fffe48313d6a16b4ca9b44c135818 (diff) | |
| download | nfs-utils-18c6c616e07ec4fcd27108d87b6f02280d9687d6.tar.gz nfs-utils-18c6c616e07ec4fcd27108d87b6f02280d9687d6.tar.xz nfs-utils-18c6c616e07ec4fcd27108d87b6f02280d9687d6.zip | |
rpc.statd: eliminate --secure_statd
Clean up: Remove RESTRICTED_STATD to help make IPv6 changes simpler.
We keep the code behind RESTRICTED_STATD, and toss anything that is
compiled out when it is set.
RESTRICTED_STATD was added almost 10 years ago in response to CERT
CERT CA-99.05, which addresses exposures in rpc.statd that might allow
an attacker to take advantage of buffer overflows in rpc.statd while it
is running in privileged mode.
These days, I can't think of a reason why anyone would want to run
rpc.statd without setting RESTRICTED_STATD. In addition, I don't
think rpc.statd is ever tested without it.
Removing RESTRICTED_STATD will get rid of some address storage and
comparison issues that will make IPv6 support simpler. Plus it will
make our test matrix smaller!
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Neil Brown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'support/nfs/svc_socket.c')
0 files changed, 0 insertions, 0 deletions